Client Access: Allow to select Client Access Restrictions for new users

2024-05-10 13:42:42 -04:00 · 2024-05-10 13:42:42 -04:00 · 85bf412f53
parent fa064962a9
commit 85bf412f53
3 changed files with 32 additions and 1 deletions
--- a/admin_user_add_modal.php
+++ b/admin_user_add_modal.php
@ -62,6 +62,29 @@
                        </div>
                    </div>

+                    <div class="form-group">
+                        <label>Restrict Client Access</label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
+                            </div>
+                            <select class="form-control select2" name="clients[]" data-placeholder="Restrict Client Access" multiple>
+                                <?php
+
+                                $sql_client_select = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_archived_at IS NULL ORDER BY client_name ASC");
+                                while ($row = mysqli_fetch_array($sql_client_select)) {
+                                    $client_id = intval($row['client_id']);
+                                    $client_name = nullable_htmlentities($row['client_name']);
+
+                                    ?>
+                                    <option value="<?php echo $client_id; ?>"><?php echo $client_name; ?></option>
+
+                                <?php } ?>
+                            </select>
+                        </div>
+                        <small class="text-muted">Leave Blank for Full access to all clients, no affect on users with the admin role.</small>
+                    </div>
+
                    <div class="form-group">
                        <label>Avatar</label>
                        <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
--- a/inc_all_client.php
+++ b/inc_all_client.php
@ -12,7 +12,7 @@ if (isset($_GET['client_id'])) {
    // Check to see if the logged in user has permission to access this client (Admins have access to all no matter what perms are set)
    if(!in_array($client_id, $client_access_array) AND !empty($client_access_string) AND $session_user_role < 3) {
        // Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Access', log_description = '$session_name was denyed permission from accessing client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $client_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Access', log_description = '$session_name was denied permission from accessing client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $client_id");

        $_SESSION['alert_type'] = "error";
        $_SESSION['alert_message'] = "Access Denied - You do not have permission to access that client!";
--- a/post/user.php
+++ b/post/user.php
@ -18,6 +18,14 @@ if (isset($_POST['add_user'])) {

    $user_id = mysqli_insert_id($mysqli);

+    // Add Client Access Permissions if set
+    if (!empty($_POST['clients'])) {
+        foreach($_POST['clients'] as $client_id) {
+            $client_id = intval($client_id);
+            mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id");
+        }
+    }
+
    if (!file_exists("uploads/users/$user_id/")) {
        mkdir("uploads/users/$user_id");
    }